Passwordless sign-in is only as reliable as your email delivery.

We’ve been adding email-based sign-in to a client’s app: a link or a code instead of a password. It is a good user experience, and it moves your login reliability onto one thing, email actually being delivered. If the message does not arrive, the user cannot get in.

For the major mailbox providers we can test directly, because we keep accounts and can open them. Corporate domains are harder. Mail goes through Amazon SES to inboxes we cannot log into, and the person who can see what is happening is the company’s own email administrator, not us.

So I built a small tool that isolates the SES delivery leg and nothing else in the path, simple enough to hand to that admin so they can test without us in the loop. It checks sending status, identity and DKIM health, sends a real test message, and shows the SES account suppression list, a common cause of mail that is accepted but never delivered.

Open source under MIT: https://github.com/ConflictHQ/mailsend-ses Write-up: https://leomata.com/blog/passwordless-auth-email-delivery/

Built at CONFLICT, an AWS Partner. Runs on Cloudflare Workers.

If you run email-based auth, I am curious how you test delivery to domains you do not control.

#aws #ses #cloudflare #email #devtools